The Spamhaus Project
The Spamhaus Project is an international organisation (founded by Steve Linford in 1998) to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers.

Spamhaus DNSBLs and DNSWLs

Spamhaus is responsible for a number of very widely used anti-spam DNS-based Blocklists (DNSBLs) and Whitelists (DNSWLs). Many internet service providers and Internet networks use these services to reduce the amount of spam they take on. The Spamhaus lists collectively protect over 1.4 billion e-mail users, according to Spamhaus' web page (June 2008) and are estimated to block 80 billion spam emails per day globally on the internet (almost 1 million spams per second). Like all DNSBLs, their use is considered controversial by some.

The Spamhaus Block List (SBL) targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services. The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.

The Exploits Block List (XBL) targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations: the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists.

The Policy Block List (PBL) serves many of the same functions as a Dialup Users List (DUL), but it is not really a DUL. The PBL lists not only dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections', but also static assignments that shouldn't be sending email without prior arrangement. Examples of such are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizers (ISPs) of the IP address space.

The Domain Block List (DBL) was released in March 2010 and is a list of domain names, which is both a domain URI Blocklist and RHSBL. It lists spam domains including spam payload URLs, spam sources and senders ("right-hand side"), known spammers and spam gangs, and phish, virus and malware-related sites.

The Spamhaus White List (SWL) was released in October 2010 and is a whitelist of IPv4 and IPv6 addresses. The SWL is intended to allow mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a Spamhaus Whitelist account.

The Domain White List (DWL) was released in October 2010 and is a whitelist of domain names. The DWL enables automatic certification of domains with DKIM signatures. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account.

Spamhaus's DNSBLs and DNSWLs are offered as a free public service to low-volume mail server operators on the Internet. Commercial spam filtering services and other large sites doing large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Datafeed Service, at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list.

Spamhaus also provides two combined DNSBLs. One is the SBL+XBL which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.

Spamhaus outlines the way its DNSBL technology works in a document called Understanding DNSBL Filtering.
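The single ZEN query described above can be sketched as follows. This is an added example, not code from Spamhaus or from the original article: it builds the query name for an IPv4 or IPv6 address and maps the returned codes back to the SBL, XBL and PBL. The return-code values are an assumption taken from Spamhaus's published documentation (the article does not list them), and the resolver function and sample replies are constructed so the example runs offline.

```python
import ipaddress

ZEN_ZONE = "zen.spamhaus.org"  # combined zone named in the text

# Assumption: return-code meanings below follow Spamhaus's published
# documentation; the article itself does not list them.
LISTING_CODES = {2: "SBL", 3: "SBL", 4: "XBL", 5: "XBL", 6: "XBL", 7: "XBL",
                 10: "PBL", 11: "PBL"}
ERROR_CODES = {252: "malformed query name",
               254: "query came through a public/open resolver",
               255: "query volume limit exceeded"}


def dnsbl_qname(ip, zone=ZEN_ZONE):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def classify(answers):
    """Turn the A records of one ZEN reply into lists hit and errors seen."""
    lists, errors = set(), []
    for answer in answers:
        octets = ipaddress.IPv4Address(answer).packed
        if octets[:3] == b"\x7f\x00\x00" and octets[3] in LISTING_CODES:
            lists.add(LISTING_CODES[octets[3]])
        elif octets[:3] == b"\x7f\xff\xff":
            errors.append(ERROR_CODES.get(octets[3], "unknown error code"))
        else:
            # Anything else (for example a resolver's NXDOMAIN-redirect
            # address) is not a listing and must never be treated as one.
            errors.append("unexpected answer " + answer)
    return {"listed": bool(lists), "lists": sorted(lists), "errors": errors}


def check(ip, resolve, zone=ZEN_ZONE):
    """resolve(name) must return a list of A-record strings, [] for NXDOMAIN."""
    return classify(resolve(dnsbl_qname(ip, zone)))


# Constructed replies keyed by query name, standing in for a real resolver.
SAMPLE_REPLIES = {
    "25.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],
    "7.100.51.198.zen.spamhaus.org": ["127.0.0.10"],
    "9.113.0.203.zen.spamhaus.org": ["127.255.255.254"],
}


def sample_resolve(name):
    return SAMPLE_REPLIES.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9", "192.0.2.1"):
        print(ip, check(ip, sample_resolve))
```

A mail filter that treats every non-empty answer as a listing will reject all mail when its resolver is refused service, which is why the error range is kept separate from the listing codes here.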

Register of Known Spam Operations

The Spamhaus Register of Known Spam Operations (ROKSO) is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.

The ROKSO database is nowadays part of the signup checking procedure of many of the major ISPs, ensuring that ROKSO-listed spammers find it difficult to get hosting. A listing on ROKSO also means that all IP addresses associated with the spammer (his other domains, sites, servers, etc.) get listed on the Spamhaus SBL as "under the control of a ROKSO-listed spammer" whether there is spam coming from them or not (as a preventative measure).

There is a special version of ROKSO available to Law Enforcement Agencies (for which LEAs need to apply for access) which gives access to data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs, too sensitive to publish in the public part of ROKSO.

Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks.
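A sketch of consuming a DROP-style text file before its netblocks are loaded into a firewall, as an added example that is not part of the original article or Spamhaus's own tooling. It assumes the layout described above, one CIDR block per line with the SBL reference after a `;` comment marker; the sample data is constructed from documentation address ranges with placeholder SBL numbers, and the minimum prefix length is an illustrative safety threshold.

```python
import ipaddress

# Constructed sample in the DROP text layout: ';' starts a comment and each
# data line is "CIDR ; SBL reference". The networks are documentation ranges
# and the SBL numbers are placeholders, not real listings.
SAMPLE_DROP = """\
; Constructed sample, not real DROP data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002

203.0.113.64/26 ; SBL000003
not-a-cidr ; SBL000004
0.0.0.0/0 ; SBL000005
"""

# Assumption: refuse very broad prefixes so that a corrupted or tampered
# feed cannot make the firewall drop most of the Internet.
MIN_PREFIX = 8


def parse_drop(text, min_prefix=MIN_PREFIX):
    """Return (entries, rejected): [(network, sbl_ref)] and the raw bad lines."""
    entries, rejected = [], []
    for raw in text.splitlines():
        data, _, comment = raw.partition(";")
        data = data.strip()
        if not data:
            continue  # blank or comment-only line
        try:
            net = ipaddress.ip_network(data, strict=True)
        except ValueError:
            rejected.append(raw)
            continue
        if net.prefixlen < min_prefix:
            rejected.append(raw)
            continue
        entries.append((net, comment.strip()))
    return entries, rejected


def match(ip, entries):
    """Return (netblock, sbl_ref) for the first block containing ip, else None."""
    addr = ipaddress.ip_address(ip)
    for net, ref in entries:
        if addr.version == net.version and addr in net:
            return (str(net), ref)
    return None


if __name__ == "__main__":
    entries, rejected = parse_drop(SAMPLE_DROP)
    print("loaded", len(entries), "blocks; rejected:", rejected)
    for ip in ("198.51.100.10", "198.51.100.200", "203.0.113.70"):
        print(ip, match(ip, entries))
```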

Spamhaus Companies

The Spamhaus 'Group' (although there is no group identity) consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is The Spamhaus Project Ltd., a UK-registered non-profit which tracks spam sources and publishes free DNSBLs. Further 'Spamhaus' companies include Spamhaus Logistics Corp., a Seychelles-registered corporation which owns the large server infrastructure used by Spamhaus and employs engineering staff to maintain it; Spamhaus Technology Ltd., a UK-registered commercial 'data delivery' company which "manages data distribution and synchronization services"; Spamhaus Research Corp., a company which "develops anti-spam technologies"; and The Spamhaus Whitelist Co. Ltd., a Jersey-registered company which manages the Spamhaus Whitelist. There are also several references on the Spamhaus website to The Spamhaus Foundation, a private interest foundation (believed to be a Liechtenstein Foundation) whose charter is "to assure the long-term security of The Spamhaus Project and its work".

Awards

  • National Cyber Forensics Training Alliance 2008 Cyber Crime Fighter Award
  • Internet Service Providers Association's Internet hero of 2003 award

e360 Lawsuit

In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit against Spamhaus in Illinois for blacklisting his junk mailings. Spamhaus initially hired an American law firm, which had the case moved from the state court to the U.S. Federal District Court for the Northern District of Illinois, but then (on the advice of its British lawyers) objected to the lawsuit altogether on the grounds that Spamhaus, being based in the United Kingdom, was outside the jurisdiction of United States courts. The court, presided over by Judge Charles Kocoras, proceeded with the case against Spamhaus without considering the international jurisdiction issue, prompting British MP Derek Wyatt to call for the judge to be suspended from office.
Not having had its objection to jurisdiction examined, Spamhaus refused to participate in the U.S. case any further and withdrew its counsel. However, Spamhaus was deemed by the court to have "technically accepted jurisdiction" by having initially responded at all, and the judge, angry at Spamhaus having walked out of his court, awarded e360 a default judgement totaling $11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgement because default judgements issued by U.S. courts without a trial "have no validity in the U.K. and cannot be enforced under the British legal system".

Following the ruling in its favour, e360 filed a motion in Federal court to attempt to force ICANN to remove the domain records of Spamhaus until the default judgement had been satisfied. This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names, and ICANN protested that they had neither the ability nor the authority to remove the domain records of Spamhaus, which is a UK-based company. On 20 October 2006, Judge Kocoras issued a ruling denying e360's motion against ICANN, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgement] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."

In 2007, Chicago law firm Jenner & Block LLP took up Spamhaus's case pro bono publico and appealed the ruling. The U.S. federal Court of Appeals for the Seventh Circuit vacated the damages award and remanded the matter to the district court for a more extensive inquiry to determine damages. In January 2008, e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise.

In 2010, the $11.7 million damages award was reduced to $27,002: $1 for tortious interference with prospective economic advantage, $1 for claims of defamation, and $27,000 for "existing contracts".

Spamhaus's lawyers, however, went back to the US Court of Appeals for a second time and appealed even the lower $27,002 amount. The US Court of Appeals found in favour of Spamhaus and, on 2 September 2011, issued a new ruling reducing the entire judgment to just $3 total and ordering the plaintiff, e360, to pay the costs of the appeal for the defence.

Spamhaus versus nic.at

In June 2007 Spamhaus requested the national domain registry of Austria, nic.at, to suspend a number of domains, claiming they were registered anonymously by phishing gangs for illegal bank phishing purposes. The registry nic.at rejected the request and argued that they would break Austrian law by suspending domains, even though the domains were used for criminal purposes, and demanded proof that the domains were registered under false identities. For some time the domains continued to phish European banks, including German and Austrian banks. Finally, Spamhaus put the mail server of nic.at on their SBL spam blacklist under the SBL's policy "Knowingly Providing a Spam Support Service for Profit" for several days, which interfered with mail traffic at nic.at. All of the criminal phishing domains have since been deleted/suspended by the respective DNS providers.

Blocking of Google Docs IPs

In August 2010 Spamhaus added some Google-controlled IP addresses used by Google Docs to its SBL spam list, due to Google Docs being a large source of uncontrolled spam. Google quickly cleaned the problem up and Spamhaus removed the listing. Though initially wrongly reported by some press to be IPs used by Gmail, later it was clarified that only Google Docs was blocked.

Spamhaus trademarked

Spamhaus has been given the blessing of Hormel to trademark the name Spamhaus in the European Union. "Spamhaus" is now a Registered Trademark, No. 005703392.

See also

  • Anti-spam techniques (e-mail)
  • Comparison of DNS blacklists
  • E-mail spam
  • news.admin.net-abuse.email
  • SpamCop

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 